% This file is part of the i10 thesis template developed and used by the
% Media Computing Group at RWTH Aachen University.
% The current version of this template can be obtained at
% <http://www.media.informatik.rwth-aachen.de/karrer.html>.





\chapter{Introduction}
\label{introduction}

\section{Background}
\begin{figure}
	\centering
		\includegraphics[width=0.4\textwidth]{images/rfid_tag.jpg}
	\caption{RFID tag}
	\label{fig:rfid_tag}
\end{figure}


Nowadays, there is a significant thrust to use radio-frequency identification (RFID) in enterprise supply chain management to improve the efficiency of inventory tracking. An RFID tag (Figure~\ref{fig:rfid_tag}) carries information about the item it is attached to and can be read at certain points, e.g. the entrance of a warehouse. Middleware converts the information read from an RFID tag into data records, which are stored in the companies' EPCIS \citepalias{epcis} repositories. These records can then be accessed to trace individual products and to generate a report of a product's track. This is a key feature for many applications in a traceability network, such as targeted recall and counterfeit detection.

\myBigFigure
{PSC}
{A Pharmaceutical Supply Chain ~\fullcite{Theseos1}}
{A Pharmaceutical Supply Chain ~\fullcite{Theseos1}}

%\begin{figure}
%	\centering
%		\includegraphics[width=\fullwidth]{images/PSC.pdf}
%	\caption{A Pharmaceutical Supply Chain ~\fullcite{Theseos1}}
%	\label{fig:PSC}
%\end{figure}


Figure~\ref{image_PSC} depicts a pharmaceutical supply chain. A drug called Lucitin is produced by PharmaPlant, a manufacturer in the supply chain, and is transferred from PharmaPlant to the hospital WholeHealth along the red arrow. When a patient at WholeHealth uses Lucitin but does not recover as expected, the hospital may suspect the source of the drug. The hospital can use its SCM system to send a query along the dotted line towards the manufacturer, retrieving Lucitin's information from the Wholesaler, the Distributor and the Manufacturer. Once the system has gathered enough information, it can generate a traceability report that helps to find out where the problem is. During this report generation process, a traceability network is set up in the supply chain. Similarly, when the manufacturer PharmaPlant finds defects in the product and needs to recall all pill bottles sent out on Lucitin palette P1, the SCM system running at PharmaPlant can send a request along the dashed line to gather all the information about Lucitin. It can thereby find all the recipients of Lucitin to whom a recall request should be sent.

As the example above shows, data sharing is the key to enabling product anti-counterfeiting and recall. However, information about items is always sensitive to companies, and access to it should be granted very carefully. Current systems such as IBM's Theseos \fullcite{Theseos1} have been developed as query engines to realize anti-counterfeit and recall applications in a traceability network. Theseos uses row-level access control, which means the owner of a record decides whether the record can be shared with anybody or access is restricted to parties that own records for the same EPC number (i.e., they belong to a chain of trading partners) \fullcite{Theseos1}. Although the paper mentions group-based access control as one way to deal with authentication and authorization issues, it does not realize it. Furthermore, security requirements in reality are more complex than those addressed in the paper \fullcite{Theseos1}. Besides item information, the addresses of the participants in a supply chain that a company knows are always confidential to other participants. Companies share their data very carefully to avoid leaking business secrets. Therefore, complex access control should be employed, as companies want to enable data sharing in a restricted way.
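
The row-level rule described above can be written down as follows. This is an added Python example, not code from Theseos or from this thesis; the record fields, the two policy names, the EPC strings and the outside party OtherClinic are constructed assumptions. It also shows why the rule is coarse: every member of the chain learns who all the other members are.

```python
from typing import NamedTuple

PUBLIC = "public"  # owner shares the record with anybody
CHAIN = "chain"    # only parties that own a record for the same EPC

class Record(NamedTuple):
    owner: str
    epc: str
    event: str
    sharing: str

# Constructed sample records; party names follow the supply chain example.
RECORDS = [
    Record("PharmaPlant", "epc:lucitin:0001", "commissioned", CHAIN),
    Record("Distributor", "epc:lucitin:0001", "received", CHAIN),
    Record("Wholesaler", "epc:lucitin:0001", "received", PUBLIC),
    Record("WholeHealth", "epc:lucitin:0001", "received", CHAIN),
    Record("PharmaPlant", "epc:lucitin:0002", "commissioned", CHAIN),
]

def chain_members(records, epc):
    """Parties that own at least one record for this EPC."""
    return {r.owner for r in records if r.epc == epc}

def can_read(requester, record, records):
    """Row-level decision for a single record."""
    if requester == record.owner or record.sharing == PUBLIC:
        return True
    if record.sharing == CHAIN:
        return requester in chain_members(records, record.epc)
    return False  # unknown policy values fail closed

def trace(requester, epc, records):
    """Records for one EPC that the requester may see."""
    return [r for r in records if r.epc == epc and can_read(requester, r, records)]

def partners_revealed(requester, epc, records):
    """Other parties whose identity the requester learns from a trace."""
    return {r.owner for r in trace(requester, epc, records)} - {requester}

if __name__ == "__main__":
    for who in ("WholeHealth", "OtherClinic"):
        print(who, sorted(partners_revealed(who, "epc:lucitin:0001", RECORDS)))
```
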

\section{Issues to be addressed}

In this thesis, an Extended Role-based Access Control (ERBAC) model is proposed to deal with access control requirements in the traceability network. We will address the issues below:

\begin{enumerate}
	\item Describe how to adapt traditional RBAC, designed for a single company, to a community of companies.
	\item Model roles in the traceability network and give role definitions in SCM.
	\item Design role services that perform role administration tasks.
	\item Give an implementation of selected parts.
	\item Give an evaluation of the ERBAC concepts.
\end{enumerate}
